Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS140498.roa
File:                     AS140498.roa (raw, json)
Hash identifier:          EtaXvDSCqnW81Q3R/Jg5KzY3EOZBMYtpigxTW7gMR+U=
Subject key identifier:   98:F8:6F:61:9F:C5:9A:5D:0A:DA:9B:0C:0A:A7:76:B4:7A:AB:D9:C3
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       4B700C1B71A62F1E44E415768FE5CE36BF45A43D
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS140498.roa
Signing time:             Tue 22 Jul 2025 09:43:58 +0000
ROA not before:           Tue 22 Jul 2025 09:38:58 +0000
ROA not after:            Tue 21 Jul 2026 09:43:58 +0000
asID:                     140498
IP address blocks:        143.20.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:24:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:70:0c:1b:71:a6:2f:1e:44:e4:15:76:8f:e5:ce:36:bf:45:a4:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 22 09:38:58 2025 GMT
            Not After : Jul 21 09:43:58 2026 GMT
        Subject: CN=98F86F619FC59A5D0ADA9B0C0AA776B47AABD9C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:83:d8:5c:ef:18:30:96:c2:93:37:cd:bc:d4:
                    28:22:42:57:01:ce:bd:a0:d5:89:7a:7c:27:6a:bf:
                    8a:10:51:65:6f:4a:f9:55:b2:7a:f5:00:42:19:0d:
                    5b:fd:d1:20:df:2c:68:cd:46:9a:26:92:45:72:84:
                    20:9c:df:cd:fc:bc:00:bd:b8:ae:a1:87:d9:94:39:
                    fb:7b:7d:74:a1:d8:8b:10:79:4b:7e:1d:6b:be:2e:
                    b3:ff:db:60:f7:4b:9f:ab:68:86:54:7b:3f:91:02:
                    9d:f0:10:39:ab:c9:8c:18:a6:13:55:fb:dc:e7:92:
                    0e:d3:80:d1:3d:78:4d:f7:28:47:57:45:06:e6:f4:
                    54:39:19:eb:23:1c:3f:7f:9a:68:b3:a3:e1:27:dc:
                    b7:36:93:41:f7:50:3d:b0:68:d1:dd:68:96:0e:97:
                    c4:bf:f2:38:4a:8c:ec:9a:3f:90:c9:8d:f9:18:ca:
                    03:bf:3d:32:43:88:54:4a:70:c6:75:b6:02:59:8b:
                    29:f5:5c:23:16:ed:5a:d2:a8:59:90:6f:7a:8f:ef:
                    97:05:1d:42:dc:36:c3:b6:53:26:6c:e1:05:8c:33:
                    06:0d:11:fe:77:66:da:ed:25:90:c1:ac:7c:f8:ea:
                    22:b1:a5:32:af:92:0e:4b:f0:6b:a8:6f:7b:b6:a4:
                    17:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:F8:6F:61:9F:C5:9A:5D:0A:DA:9B:0C:0A:A7:76:B4:7A:AB:D9:C3
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS140498.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:d2:47:5d:68:6c:e5:cb:65:14:cd:03:ae:fc:b8:2b:56:44:
         76:1a:a9:ab:35:59:3d:ab:8e:0f:73:30:83:ff:79:b9:6e:ad:
         54:12:e5:f2:ac:a1:60:8d:a4:43:42:91:e6:f0:88:9f:bf:2b:
         90:4b:16:85:7b:31:b4:02:c3:60:f2:80:f4:5a:21:7a:2d:d0:
         ca:53:4f:91:17:35:e2:88:09:ea:1f:f2:6b:aa:e3:34:bb:fd:
         3a:b9:91:1d:44:71:c6:e6:e3:75:a5:94:37:a8:11:23:38:68:
         5c:8e:12:ee:e3:53:f2:4c:f9:8f:21:84:3b:33:50:78:d7:c5:
         93:74:3e:03:b3:32:05:c4:a1:fe:b6:23:76:fa:22:38:06:fe:
         7a:26:da:58:27:9e:c1:af:6d:a9:c2:de:79:9b:90:3e:79:7e:
         58:ed:91:73:f0:01:57:4d:d9:0f:53:44:31:35:8d:15:33:b5:
         7e:8a:27:69:56:67:31:86:d5:cb:c6:dd:ae:29:06:64:67:44:
         72:4c:d1:be:d7:b9:1e:46:cd:68:8f:cf:d1:52:f5:53:35:00:
         fb:f2:cf:ad:24:e8:84:a3:2e:f3:aa:0b:5c:5d:07:fd:ff:fa:
         c5:f8:60:f9:07:51:f6:ff:9a:aa:c6:bf:8c:0c:9a:9b:93:2c:
         c3:f0:ec:d2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUS3AMG3GmLx5E5BV2j+XONr9FpD0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MjIwOTM4NThaFw0yNjA3MjEwOTQzNThaMDMxMTAvBgNV
BAMTKDk4Rjg2RjYxOUZDNTlBNUQwQURBOUIwQzBBQTc3NkI0N0FBQkQ5QzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUg9hc7xgwlsKTN8281CgiQlcB
zr2g1Yl6fCdqv4oQUWVvSvlVsnr1AEIZDVv90SDfLGjNRpomkkVyhCCc3838vAC9
uK6hh9mUOft7fXSh2IsQeUt+HWu+LrP/22D3S5+raIZUez+RAp3wEDmryYwYphNV
+9znkg7TgNE9eE33KEdXRQbm9FQ5GesjHD9/mmizo+En3Lc2k0H3UD2waNHdaJYO
l8S/8jhKjOyaP5DJjfkYygO/PTJDiFRKcMZ1tgJZiyn1XCMW7VrSqFmQb3qP75cF
HULcNsO2UyZs4QWMMwYNEf53ZtrtJZDBrHz46iKxpTKvkg5L8Guob3u2pBezAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUmPhvYZ/Fml0K2psMCqd2tHqr2cMwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTQwNDk4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRC
MA0GCSqGSIb3DQEBCwUAA4IBAQAb0kddaGzly2UUzQOu/LgrVkR2GqmrNVk9q44P
czCD/3m5bq1UEuXyrKFgjaRDQpHm8IifvyuQSxaFezG0AsNg8oD0WiF6LdDKU0+R
FzXiiAnqH/JrquM0u/06uZEdRHHG5uN1pZQ3qBEjOGhcjhLu41PyTPmPIYQ7M1B4
18WTdD4DszIFxKH+tiN2+iI4Bv56JtpYJ57Br22pwt55m5A+eX5Y7ZFz8AFXTdkP
U0QxNY0VM7V+iidpVmcxhtXLxt2uKQZkZ0RyTNG+17keRs1oj8/RUvVTNQD78s+t
JOiEoy7zqgtcXQf9//rF+GD5B1H2/5qqxr+MDJqbkyzD8OzS
-----END CERTIFICATE-----